What does this research mean for the field?

Current regulatory standards and industry frameworks fail to mandate substrate-layer governance controls for AI agent systems, rendering existing runtime-only governance approaches dangerously insufficient. Novelty: ClaimNovelty.METHODOLOGICAL. Consensus alignment: ConsensusAlignment.CHALLENGES_CONSENSUS.

What question did this study set out to answer?

The study aims to highlight the inadequacies of current AI governance focused solely on runtime controls and propose a deeper framework.

May 28, 2026Open Access

Substrate Governance: Why Runtime Controls Are Insufficient and What Must Replace Them: A Vendor-Agnostic Framework for Governing AI Agents at the Infrastructure Layer

Key Points

The study aims to highlight the inadequacies of current AI governance focused solely on runtime controls and propose a deeper framework.
Defines a three-pillar framework for substrate governance, including Execution Substrate Integrity, Memory Substrate Auditability, and Orchestration Mesh Accountability.
Presents a substrate failure taxonomy, an implementation roadmap, and a checklist for effective governance controls.
Analyzes regulatory alignment and the lack of explicit mandates for substrate-layer governance.
Finds that existing regulations do not mandate substrate governance controls for AI systems, highlighting a critical oversight.
Demonstrates that relying on standards compliance leaves substrate-level issues unaddressed, increasing operational risks.
Suggests that implementing the proposed framework could significantly enhance governance and accountability in AI deployments.

Abstract

The AI governance discourse of the past five years has focused almost exclusively on runtime controls—the visible, API-surface-adjacent mechanisms that regulate model input and output. These controls are real, they have genuine value, and organizations are right to deploy them. They are also, taken alone, dangerously insufficient. The substrate layer—the execution environment, the memory substrate, and the orchestration mesh—remains ungoverned, uninstrumented, and forensically opaque in the vast majority of enterprise AI deployments. This whitepaper defines a three-pillar framework for substrate governance as a first-class discipline: Execution Substrate Integrity (ESI), Memory Substrate Auditability (MSA), and Orchestration Mesh Accountability (OMA). It provides a four-type substrate failure taxonomy, a phased implementation roadmap, regulatory alignment analysis, and a complete substrate governance controls checklist. Critical Finding: No current regulatory standard, industry framework, or certification scheme explicitly mandates substrate-layer governance controls for AI agent systems. Organizations that rely exclusively on standards compliance to define their governance posture are, by definition, leaving their substrate ungoverned.

Read Full Paperexternally

Mark Helpful

Bookmark

Relay

View Full Paper